MSc Cyber Security (Infrastructures Security)
Certified by the NCSC – a part of GCHQ
This degree has been awarded Provisional Certification by the NCSC
Digital technologies drive economic growth yet create new cyber risks demanding ever more sophisticated solutions. There is worldwide demand for new and innovative approaches to tackle global cyber-threats specific to large-scale infrastructures, from energy production to finance through to healthcare and smart transportation. The cyber security of such infrastructures is paramount – their disruption can have large-scale impacts on society as well as massive business losses. There is a major shortage of cyber security professionals globally, and the specialist nature of critical infrastructures makes the problem even more acute.
A strong ethos of rigorous experimental and empirical cyber security research underpins the MSc, facilitated by a state-of-the-art testbed for studying critical National Infrastructure (CNI) and Internet of Things (IoT) security, and bespoke teaching equipment. You’ll learn to apply foundational cyber security techniques to infrastructure and will develop the skills for engineering scalable solutions. You'll be exposed to real-world problems that are practical and challenge-oriented but underpinned by rigorous research.
This MSc aims to:
- Enable a deep understanding of fundamental concepts, design principles, building blocks and methods to understand and mitigate against cyber security threats;
- Give you hands-on experience of working with devices, systems and networks utilised in realistic infrastructure environments;
- Equip you with the ability to apply security principles and technical knowledge to analyse complex real-world infrastructures systems (including software systems, networks, control systems and IoT) to identify potential security issues and solutions;
- Provide you with the skills to reason critically about complex problems that require evaluation and analysis from a multi-dimensional perspective including technical, human and organisational aspects.
Find out what you’ll be studying in this hands-on innovative MSc from Programme Director, Awais Rashid.
The MSc consists of the following compulsory units:
- Foundations (20 credits)
- Network Security (20 credits)
- Fundamentals of System Security (20 credits)
- Security of Industrial Control Systems (30 credits)
- IoT and IIoT Security (30 credits).
To complete your studies, you will undertake a 60-credit individual research project proposed by project supervisors. This unit will provide you with first-hand experience in planning, running, documenting, and presenting a substantial piece of original work in the field of cyber security of infrastructures. This will typically include reading and synthesising academic literature, developing a hypothesis and validating it through hands-on experimental or implementation work. The projects offered each year will vary and each will have a different focus under the overarching umbrella of Infrastructures Security.
Part-time study available
- Year 1: TB1 units Foundations and Network Security; TB2 Unit: Security of Industrial Control Systems.
- Year 2: TB1 unit: Fundamentals of System Security; TB2 Unit: IoT & IIoT Security. Depending on whether the student aims to finish within 2 or 3 years, a dissertation project can be undertaken in Year 2 or 3.
- Other combinations can be allowed as long as the pre-requisites are respected and with the express permission of the Programme Director. For instance, a student may take all of TB1 units in Year 1, all of TB2 units in year 2 and the dissertation in year 3. This would be an acceptable combination.
MSc Delivery Team
Dr Inah Omoronyia
Inah Omoronyia has a portfolio of collaborative, entrepreneurship and innovative research in areas of engineering privacy and security in software systems. His work is driven by the view that better software design (inc. its process, requirements, implementation and testing) is a pathway to effective data-inspired technological innovation, regulatory compliance and privacy. His research is funded by the industry, Innovate UK, EPSRC and Scottish Enterprise. Omoronyia is a previous ERCIM Fellow and co-leads on training and student experience within the CDT.
Dr Sridhar Adepu
Dr Sridhar Adepu is a Lecturer in Cyber Physical Systems Security in Computer Science at University of Bristol and is a core member of the Bristol Cyber Security Group and part of the MSc infrastructure security programme. He also lectures and supervises PhD students at the EPSRC Centre for Doctoral Training in Cyber Security. His research interests are in the security of Cyber Physical Systems (CPS), Industrial Control Systems and Critical Infrastructure. His research takes a multidisciplinary approach to tackle security issues associated with CPS.
Dr Sana Belguith
Dr Sana Belguith is a Lecturer in Cyber Security at the University of Bristol and a member of the Bristol Cyber Security Research Group. Prior to this, she was Lecturer in Cyber Security at the University of Salford. Previously, She was a Post-Doctoral Researcher in the Department of Computer Science at the University of Auckland, New Zealand. She has been a visiting researcher at Telecom SudParis, France. She holds a PhD in Computer Science from the Tunisia Polytechnic School and an Engineering Degree in Telecommunication from the National Engineering School of Tunisia. Dr. Belguith’s major research interests include, distributed systems security (such as Internet of Things, Cloud Computing, Publish and Subscribe Systems, etc.), applied cryptography, privacy enhancing techniques, access control, attribute-based encryption, searchable encryption, and Blockchain.
Dr Barney Craggs
Dr Barney Craggs is a Lecturer in Cyber Security within the Bristol Cyber Security Group. As well as his role as the University of Bristol CSO, Barney leads a programme of research in securing UK universities. His own research looks at the role of humans in cyber physical systems with a focus on security ergonomics, cultural practice and decision making. With Richard Owen, Barney co-leads on Responsible Innovation and co-creation within the CDT.
Dr Matthew Edwards
Dr Matthew Edwards’ research interests lie at the intersection of cybersecurity and data science, commonly crossing over into the application of machine learning techniques to cybercrime prevention. His work has focused around understanding security implications from online data in application domains such as child protection, social engineering, online fraud and technological cybercrime, whilst simultaneously attempting to improve the transparency and reliability of technologies used for cybersecurity purposes.
Mr Joe Gardiner
Mr Joe Gardiner is a Lecturer, Department of Computer Science, at the University of Bristol. His research interests include the security of cyber-physical systems, the design of robust controller architectures for software defined networks and the security of machine learning.
Dr Joseph Hallett
Dr Joseph Hallett is a Lecturer in Cyber Security at the University of Bristol. Their research explores how we can build security into operating systems and programming languages in a way that helps developers get it right and create secure software without making too many mistakes. Since 2018, he has been investigating how to develop an empirically grounded theory of secure software development by the masses. More recently, Joseph has been working on achieving greater awareness and sociotechnical understanding of the human barriers that stand in the way of next generation digital security success, to transform policy making, accelerate adoption and drive consistent use.
Dr Ola Michalec
Dr Ola Michalec is a social scientist embedded in the University of Bristol Cyber Security Research Group. Since 2019, she has been investigating how diverse practitioners collaborate to implement the NIS Directive across critical infrastructure sectors through a project funded by RITICS . More recently, Ola has been working on anticipating security regulations for the emerging technologies in the decentralised energy systems. In terms of her plans for the future, Ola is about to start a Fellowship funded by RITICS and the National Cyber Security Centre, where she will continue her work on better Indicators of Good Practice and cyber maturity in NIS.
Dr Marvin Ramokapane
Dr Marvin Ramokapane is a Lecturer, Department of Computer Science, at the University of Bristol. As a researcher in cyber security and privacy and leveraging his technical and socio-technical research methods, he aims to understand how users perceive and use technology with regards to security and privacy. He is particularly interested in three areas, (1) usability, (2) privacy, and (3) trust. His research on usability focuses on understanding the usability practices and the challenges faced by users and operators alike when enforcing security and privacy measures. I aim to understand the challenges and propose viable solutions. Regarding privacy, he is interested in understanding users’ perceptions and norms around the use of smartphones and smart home devices. His research on trust focuses on understanding the factors that engender trust in various applications such as peer to peer electricity trading platforms.
Professor Awais Rashid
Professor Awais Rashid is the Director of the Centre for Doctoral Training TIPS-at-scale and our CDT lead for socio-technical approaches to software and infrastructure security. Awais has 20 years of expertise leading large, multi-partner, interdisciplinary projects. He leads Bristol Cyber Security Group (with members from computer science, sociology, psychology, criminology) and is the director of the new UKRI Interdisciplinary Research Centre: REPHRAIN. Previously he was Associate Dean for PG studies and Director of the Science & Technology Graduate School (managing the EPSRC DTP) at Lancaster University (2010-2013). He is a member of the advisory boards for EPSRC’s Digital Economy programme and the UKRI Partnership for Conﬂict, Crime and Security Research; and also serves on two UK government cyber expert groups. He heads the National Cyber Security Programme CyBOK project.
What kind of MSc projects might students be doing on this programme?
- The aim of the project is to carry out an in-depth investigation into a specific area of cyber security relevant to the programme topic (Infrastructures Security) and to make a valuable and original scientific or technical contribution.
- The focus is on discovery and demonstration of innovative cyber security ideas that will have the potential to generate real-world impact or otherwise have impact for some research community.
- Projects may involve the design of hardware, software, experiments, studies involving human users or organisations (within the scope of the programme topic). Topics may include threat hunting relating to critical infrastructures, developing new software security mechanisms or new types of vulnerability analysis or intrusion detection systems. Students may also conduct studies deploying a number of security mechanisms to experimentally evaluate their comparative strengths and weaknesses.
- Specialist teaching equipment for ICS and IoT security – custom-built equipment for Industrial Control Systems (ICS) teaching and projects; the Testbed is a state-of-the-art experimental research facility including 2 physical processes (water treatment plant, model factory); three station Security Operations Centre (SOC); dedicated workshop featuring a 3D printer, circuit board printer, soldiering station and tools.
Are there opportunities for MSc students to learn more about the research side of things during the 1-year course
- Absolutely – Cyber Security is a long-standing research strength and a strategic priority for the University. The programme is founded on the internationally recognised research expertise, team and unique facilities of Bristol Cyber Security Group - students will be taught by research experts in the field. The group also developed world-first teaching equipment and materials, not available elsewhere, which will be used in this Master’s programme.
- In the taught part of the programme students will acquire hands-on experience of applying their knowledge to real devices and systems by working on specialist equipment in the labs (drawing upon the state-of-the-art CNI and IoT testbed facilities developed by the research group) to hone their skills through supervised lab sessions. Group work, for example large case studies, will be utilised in order that students gain an understanding of leveraging and applying their knowledge. These group working skills are key in this sector as securing such infrastructures requires teamwork and collaborative effort and leveraging understanding from a diverse range of perspectives. Students will also develop their individual analytical and problem-solving skills by applying the knowledge gained in the programme to case studies or development of security applications or tools. Students will develop confidence in their abilities to solve problems unaided through extension exercises that will follow-on from the lab workbooks on a weekly basis.
- The MSc Dissertation Project represents the pinnacle of the MSc Cyber Security degree programme allowing students to independently (with a dedicated supervisor from the research group) carry out an in-depth investigation into a specific area of cyber security. In the run-up to this students will take courses on research methods, dissertation writing and responsible innovation (not part of a standard unit, or assessed) as well as a dedicated panel session with academic staff to discuss what makes good research questions depending on the nature of a project, e.g., technical, experimental or empirical.
- There will also be seminars which students will have the opportunity to attend. The Cyber Security Group participate in or lead several major initiatives, e.g., leading projects in national institutes and centres and hosting such centres too. There are many events related to the research in these centres and some events are open to graduate students. Our students will naturally be invited to such open events.
The Bristol Cyber Security Group testbed provides a realistic environment for research into cyber-physical systems security. It has been built from the ground up, based on extensive past experience of building ICS security testbeds and input from industry partners.
Joe Gardiner, Lecturer, Department of Computer Science, outlines the Bristol Cyber Security Group Testbed Tour.
Multiple physical and virtual processes
Including a water treatment plant, model factory and building management system, each within distinct, centrally managed field sites.
Physical industrial control hardware
Sourced from a number of vendors including the latest devices with the newest protocols.
Fully-realised experimental network environment
Covering both the IT and OT network environments, with comprehensive data capture abilities.
Training and prototyping environment
Comprehensive fully simulated environments and small scale physical testbeds.
ICS training boxes
Designed and built in-house.
Remote field site with physical process
Mobile and self-contained.
Allowing for granular integration of remote testbed/control structures to enable large scale and diverse experimentation.
Our own workshop
Including 3D-print capabilities for rapid prototyping.
Access to the electrical engineering workshop team
For design and building of testbed infrastructure.